This post is more than 5 years old
66 Posts
0
3793
SMC Security
I'm new to SMC and I need some help securing it. I would like to use my domain account to login to the console. The domain login is working. The problem is, it works for every domain account, even accounts that do not have access to login to the server. How can I secure it and only allow select domain users.
Thanks,
Hank
Joe_Ab
227 Posts
0
February 4th, 2010 16:00
There are many approaches to secure your environmet.
what you asked for was answered by Allen, you are looking for a way to prevent users to access SMC.
Go to tasks --> permessions --> security --> Add then selecet your sid username & the roles for your case it will be an administrator to provide full permission.
Now if you tried to open it again with SMC you should not get any mannaged array ..
You cant prevent users to run the application it self by SMC , what i suggest to control the security of SMC installation folder , if you remove the authenticated and everyone users, no one will have the permession to run the application... its windows issue and out of SMC and EMC
This is a host level security, if you are looking for symmetrix level, it was mentioned by dynamox, you can use symauth to restric managment for arrays, set roles and permession for users on symmetrix level it maybe domain or local user.
and finally the you can define an Access control list, anyone may have access to execute commands To prevent this we use symacl to set up and restrict "host" access to defined sets of devices as pools each to a server and then you can restric what symcli commands they can run ...simply its perfect but maybe complicated.
regards
yousef
dynamox
1 Rookie
1 Rookie
•
20.4K Posts
1
February 4th, 2010 12:00
Allen ..are you talking about symauth ?
This e-mail message (including any attachments) is for the sole use of
the intended recipient(s) and may contain confidential and privileged
information. If the reader of this message is not the intended
recipient, you are hereby notified that any dissemination, distribution
or copying of this message (including any attachments) is strictly
prohibited.
If you have received this message in error, please contact
the sender by reply e-mail message and destroy all copies of the
original message (including attachments).
AranH1
2.2K Posts
1
February 4th, 2010 12:00
HankDorsett
66 Posts
0
February 4th, 2010 12:00
Allen Ward
2.1K Posts
0
February 4th, 2010 12:00
Hank, the security setup isn't for login to SMC itself, but for management of the Symm(s) once you are in. I don't have it right in front of me, but you need to set up permissions for specific account to manage the Symm. Once this is done, anyone logging in with a non-privileged account will (or at least used to) get an alert telling them they are not authorized to manage any of the Symms. If you log in with an account that is set up you will be able to proceed normally.
We have this set using domain accounts. The initial setup was done using the default SMC login account, then after I set my account up I logged back in and removed rights for the default account to manage the Symms.
If you can't find the exact dialog and options, reply back and I'll try to get more detailed instructions for you. I'm just about on my way out today and wanted to at least point you in the right direction before leaving.
Allen Ward
2.1K Posts
0
February 4th, 2010 12:00
Not sure what the CLI equivalent would be dynamox. I set it all up through SMC when we first deployed it. I'll try to take a closer look tomorrow when I'm back in the office. Right now I'm on the way out the door. This time for real :-)
My massage therapist is waiting to beat the kinks out of me from the last month. It's been way too long!
Allen Ward
2.1K Posts
0
February 4th, 2010 12:00
HankDorsett
66 Posts
0
February 4th, 2010 13:00
Aaran,
I have a few users and group profiles in the local admin group but it still allows all users to open the console. Can you have someone that isn't authorized to see if they can login?
AranH1
2.2K Posts
0
February 4th, 2010 14:00
@Allen
No I did not setup Symmetrix Authorization. When you add the user you select which Symm array to associate the user account with. We only have one Sym so this is simple for us. Not sure what the process is when managing multiple Symms.
@Hank
I have tested this with domain accounts that do not have rights to the server. They get the alert that Allen mentioned, stating that they are not authorized to manage any arrays.
HankDorsett
66 Posts
0
February 5th, 2010 09:00
RajaBalan
1 Message
0
April 12th, 2010 13:00
Allen,
Can you send me this doc tor
Please
Raj